ASP.NET Security Update Shipping Thursday, Dec 29th

Scott Guthrie just provided an update on an ASP.NET vulnerability and the availability of a patch to mitigate the issue. The patch will release today and everyone should start testing ASAP and planning the deployment to their servers.

The issue is apparently a denial-of-service problem rather than a systems-access issue, but because the attack is so easy to implement, it is expected that we’ll see attacks against the vulnerability very soon. System administrators should take this very seriously.

[UPDATE: I’ve heard talk that there may also be elevation-of-privileges issues but that is unconfirmed. Regardless, this should be installed as soon as reasonably possible.]

Be Sociable, Share!

    Comments are closed.